This repository has been archived by the owner on Jun 16, 2024. It is now read-only.
main.go
package main
import (
	"flag"
	"fmt"
	"net"
	"strconv"

	"github.com/labstack/echo/v4"
	"go.uber.org/zap/zapcore"

	"authelia-basic-2fa/authelia"
	"authelia-basic-2fa/util"
)
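// main parses the command-line flags, configures the Authelia endpoints and
// the logger, and serves handleAuthentication for every GET path.
//
// Deployment notes:
//   - The default -ip of 0.0.0.0 listens on every interface. This service
//     answers authentication decisions, so it should normally be reachable
//     only by the reverse proxy that consults it; bind to a loopback or
//     internal address where possible.
//   - The default -url uses plain http. NOTE(review): the handlers appear to
//     forward user credentials and session cookies to that URL; confirm the
//     link to Authelia is on a trusted network or switch it to https.
//   - -debug raises the log level to Debug, which records per-request detail;
//     keep it off outside troubleshooting.
func main() {
	url := flag.String("url", "http://authelia:9091", "Authelia URL to use for authentication")
	port := flag.Int("port", 8081, "Listening port")
	ip := flag.String("ip", "0.0.0.0", "Listening ip")
	debug := flag.Bool("debug", false, "Debug logging")
	flag.Parse()

	authelia.BuildUrls(*url)

	// net.JoinHostPort wraps IPv6 literals in brackets ("[::1]:8081"). The
	// previous "%s:%d" formatting produced "::1:8081", which the listener
	// cannot parse, so an IPv6 -ip value could never be used.
	listenAddress := net.JoinHostPort(*ip, strconv.Itoa(*port))

	e := echo.New()
	e.HideBanner = true

	level := zapcore.InfoLevel
	if *debug {
		level = zapcore.DebugLevel
	}
	util.InitializeLogger(level)

	// Only GET is routed; every path is handed to the authentication handler.
	e.GET("*", handleAuthentication)

	util.SLogger.Info("Using Authelia URL: " + *url)
	util.SLogger.Info("Listening on: " + listenAddress)
	// e.Start blocks until the server stops; its error is logged as fatal.
	util.SLogger.Fatal(e.Start(listenAddress))
}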
// handleAuthentication is the echo handler registered for every GET request.
// It runs checkAuthentication and answers with an empty body whose status
// code carries the decision:
//   - 500 when the check itself returned an error (the request is not let
//     through on a backend failure),
//   - the status from checkAuthentication otherwise, with the returned
//     headers copied onto the response only when util.IsGood accepts it.
func handleAuthentication(ctx echo.Context) error {
	// NOTE(review): no IPExtractor is configured on the echo instance in
	// main, so RealIP is presumably taken from client-supplied forwarding
	// headers. Treat the address in these log lines as a hint, not as an
	// identity, unless the fronting proxy overwrites those headers.
	user := fmt.Sprintf("User %s", ctx.RealIP())
	util.SLogger.Debug(user + " connected")

	statusCode, returnHeaders, err := checkAuthentication(ctx)
	if err != nil {
		util.SLogger.Error(user + " not authenticated")
		util.SLogger.Error(err)
		return ctx.NoContent(500)
	}

	// Rejections carry no extra headers.
	if !util.IsGood(statusCode) {
		util.SLogger.Info(user + " not authenticated")
		return ctx.NoContent(statusCode)
	}

	util.SLogger.Info(user + " authenticated")
	respHeader := ctx.Response().Header()
	for name, val := range returnHeaders {
		respHeader.Set(name, val)
	}
	return ctx.NoContent(statusCode)
}
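// checkAuthentication decides whether the request is authenticated and
// returns the status code to answer with, the headers to pass back on
// success, and an error when one of the client handler calls failed.
//
// The checks run in order and stop at the first conclusive result:
//  1. checkSession: an existing session.
//  2. checkAuthorization: the request's authorization.
//  3. DecodeCredentials, then checkFirstFactor and checkTOTP, followed by a
//     final checkSession on the newly established session.
//
// For steps 1 and 2 a good status returns immediately with the headers, a
// status other than 401 returns that status without headers, and only a 401
// falls through to the next step. Any error yields (0, nil, err). Credentials
// that cannot be decoded yield 401 without an error.
func checkAuthentication(ctx echo.Context) (int, map[string]string, error) {
	clientHandler := NewClientHandler(ctx)

	// Apply all proxyCookies to the response on every exit path, e.g. a newly
	// created Authelia session.
	defer func() {
		for _, cookie := range clientHandler.proxyCookies {
			// Log only non-secret attributes. The previous "%+v" dump wrote
			// the cookie value, i.e. a usable session token, into the debug
			// log.
			util.SLogger.Debugf("Applying proxy cookie %q (domain=%q, path=%q)",
				cookie.Name, cookie.Domain, cookie.Path)
			ctx.SetCookie(cookie)
		}
	}()

	util.SLogger.Debug("Checking if user session is already valid")
	statusCode, returnHeaders, err := clientHandler.checkSession()
	if err != nil {
		return 0, nil, err
	}
	if util.IsGood(statusCode) {
		util.SLogger.Debug("User session was valid")
		return statusCode, returnHeaders, nil
	}
	if statusCode != 401 {
		// Anything other than "unauthorized" is final; do not try credentials.
		return statusCode, nil, nil
	}

	util.SLogger.Debug("Checking if user authorization is valid")
	statusCode, returnHeaders, err = clientHandler.checkAuthorization()
	if err != nil {
		return 0, nil, err
	}
	if util.IsGood(statusCode) {
		util.SLogger.Debug("Authorization was valid")
		return statusCode, returnHeaders, nil
	}
	if statusCode != 401 {
		return statusCode, nil, nil
	}

	util.SLogger.Debug("Performing manual authentication")
	credentials, err := DecodeCredentials(ctx)
	if err != nil {
		// NOTE(review): confirm the error text from DecodeCredentials never
		// echoes the submitted header contents, since it is logged verbatim.
		util.SLogger.Debug(err)
		return 401, nil, nil
	}

	util.SLogger.Debug("Checking first factor authentication")
	statusCode, err = clientHandler.checkFirstFactor(credentials)
	if err != nil {
		return 0, nil, err
	}
	if util.IsBad(statusCode) {
		return statusCode, nil, nil
	}

	// The second factor is only attempted after the first factor succeeded.
	util.SLogger.Debug("Checking TOTP authentication")
	statusCode, err = clientHandler.checkTOTP(credentials)
	if err != nil {
		return 0, nil, err
	}
	if util.IsBad(statusCode) {
		return statusCode, nil, nil
	}

	// Both factors passed; the final answer still comes from a session check
	// rather than from the factor results themselves.
	util.SLogger.Debug("Checking if new session is valid")
	return clientHandler.checkSession()
}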